There have already been documented cases of private keys being compromised (not sure if that led to the shutting down of any CA but it might have).
The fundamental problem is that CA is *not decentralised* therefore it is a weakness and not something that can possibly *improve* the idea of Bitcoin (in terms of the Byzantine Generals problem and its solution).
Ok. In this system each full node has a copy of the root certificate. The distributed certificate servers use an intermediate X.509 certificate. Validation by TLS/SSL endpoints at the full nodes perform validation of the chain from root --> intermediate --> end-user, which is a software agent role.
Suppose the root key is lost somehow. The chain validation still works. The software does not check for certificate revocation. Bad nodes are simply banned.
How do you plan to detect bad nodes?
Peer agents perform remote attestation of each other's behavior. Tamper-evident logs record context, inputs, actions, and outputs, which when replayed by a validating peer, confirm good behavior or detect bad behavior, e.g. a byzantine fault. The research that I referenced in the May whitepaper for this technique gives the math proving overall good behavior with up to 50% of the nodes faulty. In contrast, Satoshi's Bitcoin can be corrupted by a single mining node with 51% of the network hashing power.
In addition to remote attestation of peer behavior, TexaiCoin will include a distributed network operations center equipped with a suite of open source information security tools that will detect intrusion and unauthorized changes to the host operating system and the Docker containers in which TexaiCoin full nodes execute. As funding from block reward permits, TexaiCoin network portals, that connect to wallets and external processors, will be protected against DDoS attacks by a traffic filtering service.